General

  • Target: unescape.zip
  • Size: 132KB
  • Sample: 240620-kwsc4ayfle
  • MD5: 139278a1cb5cd32fc0efd59c670eddee
  • SHA1: 208d871bbf3aad6b18c02f9f2ba1d166457506cb
  • SHA256: 625fba7fa29e9eb30a9cc98ece69706cbd66792b4185f92e14363657bd0e76d5
  • SHA512: c34f1039040fbdb23f0557e3681db3531b2f98872c3ba5b1dd7c65ba0f3ca5675942b416ae8de16f2c7da7172ba58801dfd58a4b3f167c42d994c9579e129b55
  • SSDEEP: 3072:79QDqKTcsxYV5aPqFpGrJQrmvA5eNu79m79wymppbzPIEy0GXDVn:79QtxQayFpGVQGFNu79m7eymgERGB

Malware Config

Extracted

  • Family: plugx
  • C2:
    www.apple-net.com:80
    www.apple-net.com:443
    www.apple-net.com:53
    www.apple-net.com:8080
  • Mutex
  • Attributes
    • folder: Microsoft Malware ProtectionbOr

Targets

  • Target: http_dll.dll
    • Size: 20KB
    • MD5: cc496b5bf0fe335447d1c08eb84ad8ab
    • SHA1: 11ada1737b52fac71138160f8ff14d23819308e7
    • SHA256: f8b107ba060fc57899e02b6b5117c2603e169d8ee4beddf53be6d453e4fc12fb
    • SHA512: 361e830fd956eaf26d49bba92118a1e1d717cf0169f8def9989a813d123655bda9a45fa09d0ac4a34165d76ce4f279ea50ef35b0d6a5303881e4b0b42c972019
    • SSDEEP: 48:qAWig/W3oBaPDhFEj4R4L4DWBO51ltm8Ue7ocmRiUH4+ft2MaVVRVCk:kvcL3PR48Dv1lo8Ue8cYiUhVaVVRVCk
    • Score: 3/10

  • Target: unsecapp.exe
    • Size: 95KB
    • MD5: 28c6f235946fd694d2634c7a2f24c1ba
    • SHA1: e9a9ce1ff07834d6ba9a51ba0d9e7c7a0b68d3e5
    • SHA256: c3159d4f85ceb84c4a0f7ea9208928e729a30ddda4fead7ec6257c7dd1984763
    • SHA512: 16865c473e010950a2aa25263af70074ad7539a86dc20e0a253df39e54e3635e99e821d4df83cd7a0eaeff10c75782966439d16d056427e824be8df953e138be
    • SSDEEP: 1536:d4mHlQgfJA3DrnN6TU3W9bEuLJDuUVfwX9Gy5JE840gbDcCRDb9:dBFwrs9bb1VYXH5JE840Ax/9
    • Signatures:
      • PlugX: PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
      • Executes dropped EXE
      • Loads dropped DLL
      • Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
      • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks